Phishing Scams on LinkedIn
Fraudulent messages and fake login pages target LinkedIn users to steal credentials, corporate data, and personal information.
Last reviewed: 1 June 2026
LinkedIn holds a trove of professionally sensitive information — work email addresses, corporate relationships, career history, and contact details — making its users valuable phishing targets. Phishing attacks on the platform range from fake InMail encouraging users to re-authenticate their account, to malicious documents shared under the guise of business proposals, to off-platform emails using LinkedIn branding.
Business email compromise (BEC) often begins with LinkedIn reconnaissance: attackers map an organisation's structure, identify finance staff and decision-makers, then use spear-phishing emails that reference specific colleagues and projects found on LinkedIn.
How this scam works on LinkedIn
A message notification claims there is an issue with the LinkedIn account and links to a fake login page. Alternatively, a connection sends a direct message with an attachment labelled as a business proposal or portfolio, which is actually malware. Other attacks arrive as emails that appear to come from LinkedIn and are styled identically to genuine platform notifications, but redirect to credential-harvesting pages.
For corporate targets, the goal is often not just the LinkedIn account but corporate VPN credentials or access to internal tools that use the same email and password.
Common red flags
- Notification directing you to log in at a URL that is not exactly linkedin.com
- Message from a connection containing an unexpected document or download link
- Email styled like a LinkedIn notification that requests re-authentication
- InMail from a new connection immediately sharing a business proposal with an attached file
- Message referencing specific colleagues or projects to appear legitimate
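The first red flag above, written as a link check a mail filter or awareness tool could run. This is an added example, not part of the original page and not LinkedIn's own code. It assumes only https links to linkedin.com or its subdomains count as genuine; the name classify_link and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: linkedin.com (and its subdomains) is the only genuine domain.
TRUSTED_DOMAIN = "linkedin.com"

def classify_link(url: str) -> str:
    """Return 'trusted', or the reason the link is not exactly linkedin.com."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, with userinfo and port removed
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "not https"
    if not host:
        return "no hostname"
    # "https://linkedin.com@other.example/" really points at other.example.
    if parts.username is not None or parts.password is not None:
        return "userinfo before '@' hides the real host"
    host = host.rstrip(".")  # a trailing dot names the same host
    # Non-ASCII or punycode labels can render like the real name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "internationalised lookalike hostname"
    # The leading dot matters: "notlinkedin.com" must not match.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    if "linkedin" in host:
        return "brand name in an untrusted hostname"
    return "unrelated hostname"

# Constructed sample links, one per failure mode handled above.
SAMPLES = [
    "https://www.linkedin.com/feed/",
    "http://www.linkedin.com/login",
    "https://linkedin.com.account-check.example/login",
    "https://www.linkedin.com@signin.example/",
    "https://notlinkedin.com/login",
    "https://www.linked\u0131n.com/login",  # dotless i in place of "i"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_link(sample):45} {sample!r}")
```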
How to protect yourself
- Access LinkedIn only by typing the URL directly or using a saved bookmark
- Enable two-step verification on your LinkedIn account
- Never open unexpected attachments from LinkedIn connections without verifying intent first
- Use unique credentials for LinkedIn separate from corporate tools
How to report it
- Report phishing messages to LinkedIn via the built-in report function
- Report phishing emails to your email provider and national cyber authority
- Change your LinkedIn password immediately if credentials were entered on a suspicious page
Frequently asked questions
Why am I more likely to be spear-phished because of my LinkedIn profile?
LinkedIn profiles provide attackers with your job title, employer, colleagues' names, and sometimes your work email format. This information is used to craft highly tailored phishing emails that reference real details, making them much harder to identify as fraudulent.